libreplanet-discuss

Re: [libreplanet-discuss] 7 Reasons to Avoid Open Source?


From: Chad Larson
Subject: Re: [libreplanet-discuss] 7 Reasons to Avoid Open Source?
Date: Mon, 4 Dec 2017 14:02:41 -0500
User-agent: NeoMutt/20170113 (1.7.2)

On Mon, Dec 04, 2017 at 09:06:10AM -0600, Caleb Herbert wrote:
> On Sun, 2017-12-03 at 21:12 -0500, Chad Larson wrote:
> > Merely using a VCS is not sufficient.  Traceability requires identifying
> > individual persons responsible for determining requirements for the
> > code, establishing their competence to design and implement the code, and
> > demonstrating that the code implements the requirements correctly for each
> > product that uses the code.  Industrial regulations require traceability
> > to determine which individual personally made which implementation
> > decisions and which individual tested and verified the results.
> 
> Sounds like they want better documentation.  Ask Red Hat.

That seems like an odd request, given that Red Hat's history of certified
products is limited to enterprise software running on x86_64 hosts,
not embedded systems.  Red Hat has some products rated at EAL4, but the
traceability requirements for EAL4 are fairly weak compared to other
industry standards (or even EAL6).  The other certifications they have
seem to have even weaker requirements (but I haven't fully reviewed
them all).

I don't know of any free-software projects currently offering a complete
traceability data set.  I know of only two open-source projects (FreeRTOS
and OpenSafety) which offer traceability data at all--but in both cases
the data is only available under a separate non-free license.

> > Traceability is very expensive, in terms of both development cost and
> > liberty for the developers.  If you think of it as a map to know who to
> > sue when things go badly wrong, you're not entirely wrong.
> 
> Sounds like they want the benefits of a warranty.  Ask Red Hat.

A warranty is necessary but not sufficient.  If a project is demanding
traceability, they expect more from their suppliers than a mere offer
to refund the purchase price.

> Reminder: Department of Defense will use software without a warranty IF
> and ONLY IF it is free.  Is some company more important than the DoD?

The DoD routinely pays egregious development and support costs that the
private sector will not.  Does some company have deeper pockets than
the DoD?

> -- 
> Caleb Herbert
> OpenPGP public key: http://bluehome.net/csh/pubkey




